How To Block 99% Of Google (And Why You Shouldn’t Do It)

One of the most popular articles here that I wrote back in very-early 2010 is The Mysterious 1e100.net. You might want to read that before reading this rest of this one for reference. That article has been seen many thousands of times from people wanting to know what the hell [subdomain].1e100.net addresses keep popping up in their network traffic over and over again.

There is only one way to block 1e100.net in its near-entirety, and that’s with two router-based firewall rules. There is no way to block 1e100.net completely via any setting in a browser or add-on/extension. You can have NoScript, FlashBlock, Ghostery running all at once, and 1e100.net will still make connections. If you have other Google products like Google Talk, Picasa or Google Earth to name a few, 1e100.net shows up. If you subscribe to any RSS feeds that are FeedBurner based, that uses 1e100.net. If you have the Google Chrome browser installed, a background process (at least in Windows) periodically connects with 1e100.net for updates. And even if you have the Chromium browser installed without the auto-udpater, the browser “phones home” three times to 1e100.net on every browser startup.

Then of course there are mountains of web sites (including this one) that uses Google Analytics for site traffic monitoring. On top of that there are many sites that use scripting via googleapis.com for site functionality.

The vast majority of 1e100.net public IPs are in the ranges of 74.125.0.0 through 74.125.255.255 and 173.194.0.1 through 173.194.255.255.

You could, if so desired, block all these IPs with your router admin program.

Here’s an example of a firewall rule:

What the above literally translates to is, “For all router-assigned IPs on all ports, deny access to 74.125.0.1 through 74.125.255.254”. I named it “Google 1” and the second range of IPs “Google 2”.

On my particular router, the end portion of an IP address can’t be a 0 or 255, hence the reason it’s shown as 1 and 254 above.

When these two rules are in effect, 99% of Google content is blocked. I say 99% because there are other blocks of IPs Google owns for other services they have.

What happens when you block Google entirely?

You really get to see how deep Google permeates itself throughout the internet when you actually block their 1e100.net IP ranges. A lot of stuff breaks, and it’s for that reason I don’t recommend blocking their IPs.

I’ve seen many forum threads across the internet where a bunch of people who monitor their personal network traffic are all asking the same thing: “HOW DO I BLOCK *ALL* OF GOOGLE?” Well, now you have your answer. Mostly. Block the two IP ranges mentioned above via your router, and the vast majority of 1e100.net connections are stopped cold.

Again I will say that I don’t recommend blocking Google this way because a lof of stuff you use on the internet will break.

You will immediately see a ton of connections to 1e100.net in TCPView:

Enable your firewall rules in your router.

Close your browser and restart it, then try to load youtube.com again.

This is what will happen in TCPView:

Instead of ESTABLISHED, you’ll see SYN_SENT, which means a connection is being attempted. But the connection will never complete because it’s blocked. When you see a bunch of SYN_SENT’s for [anything].1e100.net, your firewall rules are working.

This has nothing to do with the data on your hard drive. When you load a website the page needs resources (images, scripts, etc), which come from servers. Google provides a variety of APIs (components for building web pages and services) which they host. Anytime you access a site which relies on those services your browser will need to connect to the relevant Google server to access the API being used. Think of it like images on a webpage — they don’t need to be hosted by the same server the html itself originates from, the browser retrieves each resource from a given location and composites the final view of the page as it should appear.

I absolutely disagree! When i connect my laptop to the internet it seems some network service is trying to connect to 1e100.net and i dont have a google product or service running on that computer. Bottomline google is grabbing content from any device connected to the internet without client permission and this is illegal. What is the difference between google and cyber criminals?

Your article is helpful and provides part of the solution, but cannot find answer anywhere to that described below, so hoping for input here.

How do we stop Mozilla/chrome-based browsers from sending SYN SENT to GOOGLE???

We want to keep google OFF our machine, but it seems they are constantly on them anyway, despite our efforts by blocking their IP numbers. They seem to be getting in via the BROWSERS that utilize aspects of google technology, such as Mozilla and similar browsers. We notice that as soon as we close the browser, the 1e100.net connections close. However, we’ve also noticed that sometimes 11200.net gets on our machine as soon as we connect to the Net before we even open the browser!? What’s up with that? Also, we’d hate to give up our favorite browsers, just to try to avoid google.

It may be necessary to do more than firewall rules and stopping the SYN SENTs, but we’re starting there. Any further advice much appreciated.

WHY is this relentless accessing of our hard drives even LEGAL and how do we STOP IT? We do not want Google touching our machine, EVER! We’re willing to forego niceties like youtube and so on, owned by Google, if we can just be LEFT ALONE by those blankety-blank spies.

Welcome to the world of cloud computing and blade systems … that’s all it is. The resources is spread over various servers from all over instead of one single localized server as it used to be in the past. So instead of seeing your data coming from one server you are seeing it coming from various different servers with coded names, for both security and naming reasons.

Sure, people will always remain sceptical and sure they Do track some information to present you with adds. That is after all one of their sources of income.

One thing one can’t help but think though … advert e-mails and sms’s require a “opt out” option or they are considered spam. It could be said that search engines and the like should also fall under this rule. They should not shove content down your throught that you didn’t request or use your web use stats “for free” … which is why there are so many adblock plugins around. Installing Chrome though … I guess basically is you confirming you don’t want to opt out.

Transparency please Google … people don’t like their bandwidth/privacy messed around with, however practical and/or innocent the actual reason behind it. Not all countries have unlimited bandwidth to waste.

Google watches the web so they know what people want and what businesses are working on. You will notice Google is the creator of everything. They are not the creator, but the thief. They monitor the web and steal your ideas. They love watching companies when they do research. Google will also try penetrating your networks as we found Google’s IP trying to brute force our secure servers. Google has been caught sniffing wireless networks while driving through your neighborhoods claiming they are only mapping the area. But in the EU Google has been caught stealing all kinds of data. I’ve tried educating Internet users the dangers Google imposes, but people wouldn’t listen. When will people realize that giving in to Google is a dangerous proposition. Nothing is free people and Google is making a killing and you allow it to happen.